Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/bWnnv6f6CrTvwOH-fReoBKcPsaw.roa
File: bWnnv6f6CrTvwOH-fReoBKcPsaw.roa (raw, json)
Hash identifier: Jv4kRwmax/HOSw2+NF6FpTosXvfK9hgIM3t90Z+qXd8=
Subject key identifier: 6D:69:E7:BF:A7:FA:0A:B4:EF:C0:E1:FE:7D:17:A8:04:A7:0F:B1:AC
Certificate issuer: /CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Certificate serial: 0182B69C55B386B493A894F3E61EB5FE0487
Authority key identifier: A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/bWnnv6f6CrTvwOH-fReoBKcPsaw.roa
Signing time: Fri 19 Aug 2022 14:57:55 +0000
ROA not before: Fri 19 Aug 2022 14:57:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60198
IP address blocks: 46.17.217.0/24 maxlen: 24
46.17.216.0/23 maxlen: 23
46.17.216.0/24 maxlen: 24
46.17.218.0/24 maxlen: 24
46.17.219.0/24 maxlen: 24
2a02:4f61::/32 maxlen: 32
2a02:4f64::/32 maxlen: 32
2a02:4f65::/32 maxlen: 32
2a02:4f62::/32 maxlen: 32
2a02:4f63::/32 maxlen: 32
2a02:4f67::/32 maxlen: 32
2a02:4f60::/32 maxlen: 32
2a02:4f66::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:b6:9c:55:b3:86:b4:93:a8:94:f3:e6:1e:b5:fe:04:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0a8631e6e5a7ac66da4fb160fd5b4fca9378805
Validity
Not Before: Aug 19 14:57:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6d69e7bfa7fa0ab4efc0e1fe7d17a804a70fb1ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:78:e6:27:2a:69:64:3a:62:d3:8f:c1:04:6c:
80:54:f5:e6:55:4e:1b:61:21:91:92:19:52:83:af:
aa:d5:5b:9b:45:29:c4:50:d1:ee:68:04:66:d6:96:
2a:99:0e:b9:c9:cf:36:75:c6:73:74:d4:d0:c2:df:
d2:46:cb:2c:32:d8:dd:4f:17:3b:8e:04:2c:70:2d:
67:7f:01:ff:13:f0:90:9b:d2:bf:26:1f:64:b1:4e:
bd:93:3e:68:5e:00:5d:27:4d:80:00:19:75:70:43:
c2:63:e7:35:8c:c3:91:15:69:1b:a6:54:4d:79:4f:
30:69:45:ee:95:86:9c:7e:18:82:a0:c0:c5:ca:c9:
f3:73:e9:e1:f9:27:7d:d4:eb:9c:35:2d:c4:3c:3f:
2c:3e:87:0c:29:a2:94:70:d2:60:48:96:28:30:a2:
6e:68:6b:c1:9a:2c:f9:b7:a3:d3:4a:5d:82:c4:d6:
e6:65:d8:36:9a:0f:a3:67:c9:57:f2:fd:51:ac:7a:
38:b7:d9:35:d0:4e:31:f5:ed:88:8c:67:73:a2:e3:
3b:eb:27:82:79:0e:64:96:4b:90:73:76:70:bd:30:
1a:9c:16:66:34:45:56:03:a3:a4:69:64:26:5b:c6:
6e:c7:97:2d:a4:f4:41:43:55:6c:95:8b:b1:d1:e2:
fa:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:69:E7:BF:A7:FA:0A:B4:EF:C0:E1:FE:7D:17:A8:04:A7:0F:B1:AC
X509v3 Authority Key Identifier:
keyid:A0:A8:63:1E:6E:5A:7A:C6:6D:A4:FB:16:0F:D5:B4:FC:A9:37:88:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKhjHm5aesZtpPsWD9W0_Kk3iAU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/bWnnv6f6CrTvwOH-fReoBKcPsaw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/dffa9b-1d69-4869-9dc4-867d1d877140/1/oKhjHm5aesZtpPsWD9W0_Kk3iAU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.216.0/22
IPv6:
2a02:4f60::/29
Signature Algorithm: sha256WithRSAEncryption
82:93:e5:3f:58:a0:47:6b:17:d9:e0:02:10:33:de:62:ab:42:
d7:2f:e2:94:e0:e3:20:6c:29:f3:6d:08:de:74:c4:cf:d7:f5:
6b:2b:39:1a:69:91:7a:72:b2:ec:1a:f0:5a:c9:cf:7b:5f:23:
73:9a:37:ee:7b:d4:43:66:7d:31:40:79:68:f3:bc:99:13:f2:
13:95:f0:d3:ce:3b:33:a9:bb:31:8d:ee:43:c0:53:f4:40:be:
89:11:fc:cd:75:c6:47:93:66:f6:00:e6:a2:42:53:45:d1:ba:
1d:90:17:cb:60:fe:0f:92:9a:2a:56:f6:41:cb:05:af:ad:45:
2b:5d:30:d4:34:6c:f5:a8:dd:ab:0b:bc:8e:82:ba:fc:1a:63:
d8:6c:1c:58:f7:d3:1d:e5:98:79:6b:f8:bd:39:9e:31:14:6d:
7a:79:12:06:20:80:d1:04:5e:5b:29:0b:ee:24:b4:45:4b:cd:
b2:ae:57:f6:ea:44:66:87:e0:f9:a3:9a:b5:b4:a5:90:be:31:
3e:35:e2:f2:0e:d0:29:d6:49:da:c7:49:ff:e1:99:11:8c:94:
62:e9:d5:5e:08:38:83:e0:cb:cd:f1:2f:87:44:f2:00:43:c3:
ee:3d:02:4e:37:a7:46:b0:ec:91:73:f7:17:6b:1d:bc:94:c8:
be:08:a5:a4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYK2nFWzhrSTqJTz5h61/gSHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTg2MzFlNmU1YTdhYzY2ZGE0ZmIxNjBmZDViNGZjYTkz
Nzg4MDUwHhcNMjIwODE5MTQ1NzU1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDY5ZTdiZmE3ZmEwYWI0ZWZjMGUxZmU3ZDE3YTgwNGE3MGZiMWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3jmJyppZDpi04/BBGyAVPXmVU4b
YSGRkhlSg6+q1VubRSnEUNHuaARm1pYqmQ65yc82dcZzdNTQwt/SRsssMtjdTxc7
jgQscC1nfwH/E/CQm9K/Jh9ksU69kz5oXgBdJ02AABl1cEPCY+c1jMORFWkbplRN
eU8waUXulYacfhiCoMDFysnzc+nh+Sd91OucNS3EPD8sPocMKaKUcNJgSJYoMKJu
aGvBmiz5t6PTSl2CxNbmZdg2mg+jZ8lX8v1RrHo4t9k10E4x9e2IjGdzouM76yeC
eQ5klkuQc3ZwvTAanBZmNEVWA6OkaWQmW8Zux5ctpPRBQ1VslYux0eL6fwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG1p57+n+gq078Dh/n0XqASnD7GsMB8GA1UdIwQY
MBaAFKCoYx5uWnrGbaT7Fg/VtPypN4gFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQt
ODY3ZDFkODc3MTQwLzEvYldubnY2ZjZDclR2d09ILWZSZW9CS2NQc2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9kZmZhOWItMWQ2OS00ODY5LTlkYzQtODY3ZDFkODc3MTQw
LzEvb0toakhtNWFlc1p0cFBzV0Q5VzBfS2szaUFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLhHYMA0E
AgACMAcDBQMqAk9gMA0GCSqGSIb3DQEBCwUAA4IBAQCCk+U/WKBHaxfZ4AIQM95i
q0LXL+KU4OMgbCnzbQjedMTP1/VrKzkaaZF6crLsGvBayc97XyNzmjfue9RDZn0x
QHlo87yZE/ITlfDTzjszqbsxje5DwFP0QL6JEfzNdcZHk2b2AOaiQlNF0bodkBfL
YP4PkpoqVvZBywWvrUUrXTDUNGz1qN2rC7yOgrr8GmPYbBxY99Md5Zh5a/i9OZ4x
FG16eRIGIIDRBF5bKQvuJLRFS82yrlf26kRmh+D5o5q1tKWQvjE+NeLyDtAp1kna
x0n/4ZkRjJRi6dVeCDiD4MvN8S+HRPIAQ8PuPQJON6dGsOyRc/cXax28lMi+CKWk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:15 2024 by rpki-client on console-fra.rpki-client.org